Dear Fortinet: find a map, identify Canada, sell stuff here

So after all of the (largely positive) references to FortiGate products that I've read, both here on Ars and elsewhere, they were the first ones I thought of when it came time to plan the replacement of our elderly Watchguard Firebox units. I lean very heavily towards the "ease of use" end of things, because I'm a network guy when necessity knocks, rather than as my primary job. And Fortinet has a large product line that would seem to complement our other projects (replacement wireless network, point-to-point VPN, etc.) rather nicely. And pricing all seems to be pretty reasonable.

There's just one minor problem: apparently nobody at Fortinet is aware that Canada exists. Both of the big, multi-national VARs I deal with sell Fortinet products in the USA, but both are forbidden from selling them in Canada. Looking around online, only a few small internet-based shops carry Fortinet devices here in Canada, which suggests that they're grey market and I'd be SOL if I ever needed actual support. In desperation, I even fill out Fortinet's "Give us your contact info and we'll sic forty-three salesmen on you" form to find a local dealer, and hear absolutely nothing.

So, as a potential customer who doesn't really want to pay Cisco money or learn the "Cisco way" of doing things... what the fuck, Fortinet?

I'm in Ottawa (the capital), so not deep at all. I'm maybe a ten minute drive from their office on Moodie Drive, according to that link!

Both CDW and Softchoice deal with Tech Data. Both tell me they're not permitted to sell Fortinet products in Canada.

I know my CDW rep is a moron, which is why I don't deal with them much anymore. But the Softchoice guy has always been straight with me (and knows that if I buy Cisco, it won't be through them). He called their Fortinet distributor (I assume it was Tech Data, but could have been Ingram Micro, I suppose), who told him that they could only sell Fortinet products to Softchoice for US customers.

EDIT: I just sent my Softchoice rep an email asking if he's talked to his Tech Data rep, to see what he says.

Well, my Softchoice guy has clarified that he did talk to Tech Data, and the issue is actually that Tech Data won't sell Fortinet products to Softchoice Canada, because they (Softchoice Canada) don't have enough(/any?) people certified on Fortinet products. In other words, since my main VAR hasn't made sufficient effort to understand the product line, they're not allowed to sell it. Which totally makes sense.

I have one more VAR I can reach out to, but I'm not expecting any better response from them, so you might have a PM from me soon, ronelson.

Well, my last VAR also isn't authorized to sell Fortinet gear, although they did come back to me with a quote for comparable Cisco gear for a significantly better price than expected (assuming that a pair of ASA-5512s with Sec. Plus and a pair of ASA5505s, all with a year of 24x7x4 SmartNet for $10K pre-tax is as good a deal as I think it is). In fact, it's better than I expected the pricing on a pair of 40Cs and a pair of 300Cs to be.

Well, my last VAR also isn't authorized to sell Fortinet gear, although they did come back to me with a quote for comparable Cisco gear for a significantly better price than expected (assuming that a pair of ASA-5512s with Sec. Plus and a pair of ASA5505s, all with a year of 24x7x4 SmartNet for $10K pre-tax is as good a deal as I think it is). In fact, it's better than I expected the pricing on a pair of 40Cs and a pair of 300Cs to be.

1. The 5512x and the 300c arent even in the same universe as far as inspection goes. you would need to compare the 100d

Got anybody lives near the border? ill be happy to ship it in states.

I can smoke that pricing with fortinet.

but again that cisco gear you quoted isnt even close. I also wouldnt get a 40c... but tomato tomato...

If you need to talk firm numbers or something shoot me a Private message.

The 300C/5512s are for an HA pair for head office. 150 employees, two independent 10/10 WAN links, already routed by the time they hit the firewall (with plans to upgrade to 25/25 or 50/50). SSL VPN handled by a separate appliance. We're not doing any kind of packet inspection/filtering that I'm aware of, and have no plans to start. The 40C/5505s are to sit with two partner firms, and exist solely to maintain a point-to-point IPSec VPN tunnel from each of them to our head office.

I'll respond to your PM separately, but I'd be curious what you'd recommend for the above requirements and against the suggested Cisco gear. Might as well do it in-thread, in case anyone else is ever searching for similar information.

The 300C/5512s are for an HA pair for head office. 150 employees, two independent 10/10 WAN links, already routed by the time they hit the firewall (with plans to upgrade to 25/25 or 50/50). SSL VPN handled by a separate appliance. We're not doing any kind of packet inspection/filtering that I'm aware of, and have no plans to start. The 40C/5505s are to sit with two partner firms, and exist solely to maintain a point-to-point IPSec VPN tunnel from each of them to our head office.

I'll respond to your PM separately, but I'd be curious what you'd recommend for the above requirements and against the suggested Cisco gear. Might as well do it in-thread, in case anyone else is ever searching for similar information.

No filtering? just firewall?

Its going to come down to do you ever want to turn on the features for lets say 100/100 internet.

If the answer is no we are not turning on the filtering or maybe 3-4 years down the road. You can drop to a much lower box. for firewall only it is hard to beat the 60D with the SOC3 1.5 GBPS for $1200 but the flow based AV caps out at 50 meg. and it would be really pressed at 50 megs.

If the answer is hmm probably. go to the 100D. will take care of everything you need unless you get a full gig burst-able link.